
Securing Relay on Exim with SMTP AUTH



I've got a stumper for you all I think.

I'm trying to set up Exim with SMTP Authentication, so that my wandering
users can access the mail server from anywhere on the globe, WITHOUT
opening huge holes in my relaying.

It seems the way to do this is to compile Exim with SMTP AUTH
support and then add the mysterious seventh section to exim.conf.

The Debian distributed Exim already has the SMTP AUTH CRAM-MD5 and PLAIN
features compiled in, so that brings us to the configuration file.

Daniel Einspanjer was kind enough to give me the basics of this part of
the file, and it seems to work for him. However my server seems to
be just denying relays rather than doing authentication.

Here is his code:
Be aware that the 3rd line will probably be all whacked out as it's about 3
lines long.
######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if and {{!eq{$2}{}}{!eq{$3}{}}{crypteq{$3}{${extract{2}{:} {${lookup mysql{select password_hash from popbox where mbox_name = '${local_part:$2}' and domain_name = '${domain:$2}'}{$value}{fail}}}}}}}{1}{0}}"
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:::Password::"
  server_condition = "${if and {{!eq{$1}{}}{!eq{$2}{}} \
  {crypteq{$2}{${extract{2}{:} \
  {${lookup mysql{select password_hash from popbox where mbox_name = '${local_part:$1}' and domain_name ='${domain:$1}'} \
  {$value}{fail}}}}}}}{1}{0}}"
  server_set_id = $1

end
#End Exim Configuration

Now unfortunately my knowledge of how all this works is way below
comprehending what all that meant :(

However if anyone else cares to translate, maybe this would be a good
place to start.

If anyone else is doing it in a different fashion I would love to hear
about it and/or get a copy of your exim.conf file.

In addition, I don't really like the idea of plain text authentication,
even on email, as I don't trust users to keep a separate system and email
passwd. So if anyone knows how to do this using the CRAM-MD5 Auth method I
would be delighted.

Thanks much!

 David.
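
Added example, not part of David's message or Daniel's configuration: a Python sketch of the two exchanges, showing why the PLAIN condition above tests $2 and $3 (the first field, $1, is the usually empty authorization id) while LOGIN tests $1 and $2, and how CRAM-MD5 is computed on each side. Note that a CRAM-MD5 server must hold each shared secret in cleartext to recompute the HMAC, so a crypt-style password_hash column checked with crypteq cannot be reused for it. All function names and the dave@example.org sample are constructed; the challenge, user and secret are the worked example from RFC 2195.

```python
import base64
import hashlib
import hmac

# Constructed sample: AUTH PLAIN sends authzid NUL authcid NUL password.
SAMPLE_PLAIN = base64.b64encode(b"\0dave@example.org\0hunter2").decode()
# Challenge, user and secret are the worked example from RFC 2195.
SAMPLE_CHALLENGE = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode()
SAMPLE_SECRETS = {"tim": "tanstaaftanstaaf"}  # server needs the cleartext


def split_plain(blob_b64):
    """Return the three PLAIN fields, which Exim exposes as $1, $2, $3."""
    fields = base64.b64decode(blob_b64).split(b"\0")
    if len(fields) != 3:
        raise ValueError("PLAIN needs exactly three NUL-separated fields")
    return tuple(f.decode() for f in fields)


def digest_hex(secret, challenge_b64):
    """HMAC-MD5 of the decoded challenge, keyed with the shared secret."""
    challenge = base64.b64decode(challenge_b64)
    return hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()


def cram_md5_response(user, secret, challenge_b64):
    """Client side: the password itself never crosses the wire."""
    reply = "%s %s" % (user, digest_hex(secret, challenge_b64))
    return base64.b64encode(reply.encode()).decode()


def cram_md5_verify(response_b64, challenge_b64, secrets):
    """Server side: return the authenticated user, or None on failure."""
    user, _, got = base64.b64decode(response_b64).decode().rpartition(" ")
    secret = secrets.get(user)
    if secret is None:
        return None
    expected = digest_hex(secret, challenge_b64)
    ok = hmac.compare_digest(expected.encode(), got.encode())
    return user if ok else None


if __name__ == "__main__":
    print(split_plain(SAMPLE_PLAIN))
    resp = cram_md5_response("tim", "tanstaaftanstaaf", SAMPLE_CHALLENGE)
    print(base64.b64decode(resp).decode())
    print(cram_md5_verify(resp, SAMPLE_CHALLENGE, SAMPLE_SECRETS))
```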










